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REMARKS 

Claims 1, 3 to 16, 18 to 23, 25 to 34, and 36 to 40 are pending in this application of 
which claims 1, 11, 16, 20, 23, 29, 34 and 38 are the independent claims. Favorable 
reconsideration and further examination are respectfully requested. 

Claims 1, 3 to 16, 18 to 23, 25 to 34, and 36 to 40 were rejected under 35. U.S.C § 102(b) 
over Gasser et al. (U.S. Patent No. 5,224,163). As shown above, Applicants have amended 
claims 1 and 23 to define the invention in greater clarity. Applicants traverse the rejection of the 
remaining claims. 

Amended independent claim 1 is directed to a method that includes receiving, from a 
delegator, a designation of a role and a delegate to assume the role. The method also includes 
receiving, from a credential service provider, an indication that the designation is valid; and 
issuing a delegation credential in response to receiving the indication, wherein the delegation 
credential includes encoded delegation information. 

The applied art is not understood to disclose or suggest the foregoing features of claim 1 . 
In particular, Gasser does not disclose or suggest "issuing a delegation credential in response to 
receiving the indication, wherein the delegation credential includes encoded delegation 
information." 

In this regard, it was said on page 4 of the Office Action (referring to claim 1) that 

Gasser discloses a delegating authorization from one entity in a distributing system. Each entity 
on the distributed is given a unique name and a private key/public key for encoding and decoding 
certain messages, and therefore, delegation credential is readable as access rights or granting 
access to a certain message. Applicant should duly note that the delegation authorization of 
Gasser is based on a unique name and also on a private key/public key, accordingly, delegation 
credential is equivalent to granting access to a resource or message. 

and on page 3 of the Office Action (referring to claim 2) that 
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Gasser discloses the claimed method wherein the delegation credential comprises encoded 
delegation information (see., col. 3, lines 7-15, col. 5, lines 42-68). 

Applicants understand the Examiner as saying that a remote resource issues a delegation 
credential when the remote resource grants a user access to the remote resource. Applicants also 
understand the Examiner as saying that because a remote resource is an entity on the system 
which has a private key that enables the remote resource to encode messages, the remote system 
is therefore able to use the private key to encode the information provided in the delegation 
credential that is issued when the remote resource grants a user access. 

Even if "issuing a delegation credential" is equivalent to comparing names on an access 
control list and granting access if the names are on the list as the Examiner contends, the Gasser 
system is silent about encoding any information when the remote resource grants access to a 
user. Rather, the Gasser system simply permits the user to perform the requested operation on 
the remote resource. The Gasser system does not issue a delegation credential that includes 
encoded delegation information. For at least these reasons, Applicants submit that claim 1 is 
patentable over Gasser. 

Independent claim 1 1 is directed to a method that includes receiving a request from a 
delegate for access to a service and obtaining delegation credentials for the delegate. The 
method also includes determining which of the delegation credentials correspond to access 
requirements for the service and providing the delegation credentials that correspond to the 
access requirements. 
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The applied art is not understood to disclose or suggest the foregoing features of claim 
1 1, particularly with respect to "determining which of the delegation credentials correspond to 
access requirements for the service." 

In this regard, Gasser describes issuing a single delegation certificate to a delegate (see 
column 13, lines 38 to 54). Even when multiple certificates are used, Gasser does not disclose 
determining which of the delegation certificates correspond to the access requirements. That is, 
each certificate in the delegation chain of Gasser is necessary; therefore no such determination 
need be made (see column 13, line 57 to column 14 line 18 of Gasser). Since Gasser does not 
disclose determining which of the delegation credentials correspond to access requirements for a 
service, claim 1 1 is believed to be patentable over Gasser. 

Independent claim 16 is directed to a method that includes receiving, from a delegate, a 
value corresponding to a confirmation code and an identifier. The confirmation code and the 
identifier correspond to a delegator. The method also includes identifying the delegator using at 
least one of the identifier and the confirmation code and assigning, to the delegate, a delegation 
credential that corresponds to the delegator. The method further includes sending a message to 
the delegator indicating that the delegation credential has been assigned. 

The applied art is not understood to disclose or suggest the foregoing features of claim 
16, particularly with respect to "sending a message to the delegator indicating that the delegation 
credential has been assigned." 

More specifically, Gasser describes granting access to a resource after it is determined 
that the user name or delegated system is valid. However, Gasser does not describe sending a 
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message to the delegator, much less a message indicating that the delegation credential has been 
assigned (see column 3, lines 26 to 34 and column 13, lines 48 to 54 of Gasser). For at least this 
reason, claim 16 is believed to be patentable over Gasser. 

Independent claim 20 is directed to a method that includes receiving, from a delegate, a 
delegation request for a role of the delegator. The method also includes receiving a value 
corresponding to a confirmation code from the delegate and receiving, from the delegator, a 
request for outstanding delegation requests. The method further includes requesting approval 
from the delegator of an outstanding delegation request from the delegate and receiving the 
confirmation code from the delegator in response to requesting approval. 

The applied art is not understood to disclose or suggest the foregoing features of claim 
20, particularly with respect to "requesting approval from the delegator of an outstanding 
delegation request from the delegate." 

In this regard, it was said on page 4 of the Office Action that 

Gasser discloses when a user makes a request of a resource or message, the reference monitor (i.e., 
the manager of access to the resource) looks for the requesting user on that resources access 
control list. If the user's name id found (or membership in a group is verified), the requested 
access is granted. 

As acknowledged by the Examiner, the Gasser system uses a reference monitor to verify whether 
the request user's name is on the access control list. If so, the reference monitor compares the 
access requested by the user to the access allowed by the entry in the access control list. Only if 
the access control list entry indicates that the access requested is allowed does the reference 
monitor grant the user access to the remote resource. The "reference monitor" disclosed in the 
Gasser reference is not equivalent to the "delegator" of this application. Gasser does not mention 
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"requesting approval from the delegator of an outstanding delegation request from the delegate". 
Accordingly, Applicants respectfully submit that claim 20 should be allowed. 

Independent claims 23, 29, 34 and 38 roughly correspond to independent claims 1, 11, 16 
and 20, respectively. Accordingly, claims 23, 29, 34 and 38 are believed to be allowable for at 
least the same reasons noted above with respect to claims 1, 11, 16 and 20. 

In view of the foregoing amendments and remarks, Applicants submit that the entire 
application is now in condition for allowance. Such action is respectfully requested at the 
Examiner's earliest convenience. 

All correspondence should be directed to the below address. Applicants' attorney can be 
reached by telephone at the number shown below. 

No fee is believed to be due for this Response; however, if any fees are due, please apply 
such fees to Deposit Account No. 06-1050 referencing Attorney Docket 10559-505001. 



Date: 



ATTORNEYS FOR INTEL 
Fish & Richardson P.C. 
225 Franklin Street 
Boston, MA 02110-2804 
Telephone: (617) 542-5070 
Facsimile: (617) 542-8906 



Respectfully submitted, 




Mandy Juoang 
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